I wrote:
> Do you see your system supporting asserts or does this go beyond a
> drop-in module?
Jason Eisenmenger wrote:
> Yes and this is one of the things I've spent the most time thinking about.
> Some kind of GUI that lets you select the required relationships between
> not just roles and resources, but between one object and another.
Cool. I'd be interested in hearing how you solve this particular
problem: How do you know what "Resources" a system supports beyond
simple module controllers?
e.g. consider you have a custom route that matches:
article/[0-9]+/edit
It drops into the article controller and the edit action with the
additional param of article_id. You'd really need to check that the
given role has access to the specific resource with that id. In my
system I'd use my article object itself as the resource and pass this
through the ACL methods which ultimately finds its way to the assert
and I can type check it and extract the article id, author etc. and
compare that against the current user to make sure they have permission.
This works pretty well for me (with my fix from ZF-4460).
I guess you'd probably create a top-level folder called assertions or
something and allow this to be glued together in your ACL editor, but I
suspect the assertions would have to load up the details for the article
independently (by using the article id from the request) rather than
using the resource object itself.
Anyway, thanks for sharing the screencast, it helps me work on my own
strategy even if I don't use your stuff directly :)
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
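
The per-object check described in the message above, as an added example that is not part of the original post or of Zend Framework itself. The classes `User`, `Article` and `OwnArticleAssertion` are hypothetical, and the sketch assumes Zend Framework 1 is on the include path in a version where `isAllowed()` hands the caller's own role and resource objects to the assertion.

```php
<?php
// Added example: object-level authorization through a Zend_Acl assertion.
require_once 'Zend/Acl.php';
require_once 'Zend/Acl/Role.php';
require_once 'Zend/Acl/Resource.php';
require_once 'Zend/Acl/Assert/Interface.php';

// Hypothetical domain objects that double as ACL role and resource.
class User implements Zend_Acl_Role_Interface
{
    public $id;
    public function __construct($id) { $this->id = (int) $id; }
    public function getRoleId() { return 'member'; }
}

class Article implements Zend_Acl_Resource_Interface
{
    public $id;
    public $authorId;
    public function __construct($id, $authorId)
    {
        $this->id = (int) $id;
        $this->authorId = (int) $authorId;
    }
    public function getResourceId() { return 'article'; }
}

class OwnArticleAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
        Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Fail closed: a generic role or resource carries no owner to compare.
        if (!$role instanceof User || !$resource instanceof Article) {
            return false;
        }
        return $role->id === $resource->authorId;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('member'));
$acl->add(new Zend_Acl_Resource('article'));
$acl->allow('member', 'article', 'edit', new OwnArticleAssertion());

$article = new Article(42, 7); // constructed sample: article 42 written by user 7
var_dump($acl->isAllowed(new User(7), $article, 'edit'));  // the article's author
var_dump($acl->isAllowed(new User(8), $article, 'edit'));  // a different member
var_dump($acl->isAllowed('member', 'article', 'edit'));    // bare ids, no objects
```

In a controller behind the `article/[0-9]+/edit` route, the `Article` would be loaded from the `article_id` parameter before the `isAllowed()` call, so the decision is made on the specific record rather than on the controller name.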